Hannes Tschofenig
Example program to test AES-GCM functionality. Used for a workshop
SSL/include/polarssl/rsa.h@0:796d0f61a05b, 2018-09-27 (annotated)
- Committer:
- HannesTschofenig
- Date:
- Thu Sep 27 06:34:22 2018 +0000
- Revision:
- 0:796d0f61a05b
Example AES-GCM test program
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| HannesTschofenig | 0:796d0f61a05b | 1 | /** |
| HannesTschofenig | 0:796d0f61a05b | 2 | * \file rsa.h |
| HannesTschofenig | 0:796d0f61a05b | 3 | * |
| HannesTschofenig | 0:796d0f61a05b | 4 | * \brief The RSA public-key cryptosystem |
| HannesTschofenig | 0:796d0f61a05b | 5 | * |
| HannesTschofenig | 0:796d0f61a05b | 6 | * Copyright (C) 2006-2014, Brainspark B.V. |
| HannesTschofenig | 0:796d0f61a05b | 7 | * |
| HannesTschofenig | 0:796d0f61a05b | 8 | * This file is part of PolarSSL (http://www.polarssl.org) |
| HannesTschofenig | 0:796d0f61a05b | 9 | * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org> |
| HannesTschofenig | 0:796d0f61a05b | 10 | * |
| HannesTschofenig | 0:796d0f61a05b | 11 | * All rights reserved. |
| HannesTschofenig | 0:796d0f61a05b | 12 | * |
| HannesTschofenig | 0:796d0f61a05b | 13 | * This program is free software; you can redistribute it and/or modify |
| HannesTschofenig | 0:796d0f61a05b | 14 | * it under the terms of the GNU General Public License as published by |
| HannesTschofenig | 0:796d0f61a05b | 15 | * the Free Software Foundation; either version 2 of the License, or |
| HannesTschofenig | 0:796d0f61a05b | 16 | * (at your option) any later version. |
| HannesTschofenig | 0:796d0f61a05b | 17 | * |
| HannesTschofenig | 0:796d0f61a05b | 18 | * This program is distributed in the hope that it will be useful, |
| HannesTschofenig | 0:796d0f61a05b | 19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| HannesTschofenig | 0:796d0f61a05b | 20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| HannesTschofenig | 0:796d0f61a05b | 21 | * GNU General Public License for more details. |
| HannesTschofenig | 0:796d0f61a05b | 22 | * |
| HannesTschofenig | 0:796d0f61a05b | 23 | * You should have received a copy of the GNU General Public License along |
| HannesTschofenig | 0:796d0f61a05b | 24 | * with this program; if not, write to the Free Software Foundation, Inc., |
| HannesTschofenig | 0:796d0f61a05b | 25 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| HannesTschofenig | 0:796d0f61a05b | 26 | */ |
| HannesTschofenig | 0:796d0f61a05b | 27 | #ifndef POLARSSL_RSA_H |
| HannesTschofenig | 0:796d0f61a05b | 28 | #define POLARSSL_RSA_H |
| HannesTschofenig | 0:796d0f61a05b | 29 | |
| HannesTschofenig | 0:796d0f61a05b | 30 | #if !defined(POLARSSL_CONFIG_FILE) |
| HannesTschofenig | 0:796d0f61a05b | 31 | #include "config.h" |
| HannesTschofenig | 0:796d0f61a05b | 32 | #else |
| HannesTschofenig | 0:796d0f61a05b | 33 | #include POLARSSL_CONFIG_FILE |
| HannesTschofenig | 0:796d0f61a05b | 34 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 35 | |
| HannesTschofenig | 0:796d0f61a05b | 36 | #include "bignum.h" |
| HannesTschofenig | 0:796d0f61a05b | 37 | #include "md.h" |
| HannesTschofenig | 0:796d0f61a05b | 38 | |
| HannesTschofenig | 0:796d0f61a05b | 39 | #if defined(POLARSSL_THREADING_C) |
| HannesTschofenig | 0:796d0f61a05b | 40 | #include "threading.h" |
| HannesTschofenig | 0:796d0f61a05b | 41 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 42 | |
| HannesTschofenig | 0:796d0f61a05b | 43 | /* |
| HannesTschofenig | 0:796d0f61a05b | 44 | * RSA Error codes |
| HannesTschofenig | 0:796d0f61a05b | 45 | */ |
| HannesTschofenig | 0:796d0f61a05b | 46 | #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x4080 /**< Bad input parameters to function. */ |
| HannesTschofenig | 0:796d0f61a05b | 47 | #define POLARSSL_ERR_RSA_INVALID_PADDING -0x4100 /**< Input data contains invalid padding and is rejected. */ |
| HannesTschofenig | 0:796d0f61a05b | 48 | #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x4180 /**< Something failed during generation of a key. */ |
| HannesTschofenig | 0:796d0f61a05b | 49 | #define POLARSSL_ERR_RSA_KEY_CHECK_FAILED -0x4200 /**< Key failed to pass the libraries validity check. */ |
| HannesTschofenig | 0:796d0f61a05b | 50 | #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x4280 /**< The public key operation failed. */ |
| HannesTschofenig | 0:796d0f61a05b | 51 | #define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x4300 /**< The private key operation failed. */ |
| HannesTschofenig | 0:796d0f61a05b | 52 | #define POLARSSL_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ |
| HannesTschofenig | 0:796d0f61a05b | 53 | #define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ |
| HannesTschofenig | 0:796d0f61a05b | 54 | #define POLARSSL_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ |
| HannesTschofenig | 0:796d0f61a05b | 55 | |
| HannesTschofenig | 0:796d0f61a05b | 56 | /* |
| HannesTschofenig | 0:796d0f61a05b | 57 | * RSA constants |
| HannesTschofenig | 0:796d0f61a05b | 58 | */ |
| HannesTschofenig | 0:796d0f61a05b | 59 | #define RSA_PUBLIC 0 |
| HannesTschofenig | 0:796d0f61a05b | 60 | #define RSA_PRIVATE 1 |
| HannesTschofenig | 0:796d0f61a05b | 61 | |
| HannesTschofenig | 0:796d0f61a05b | 62 | #define RSA_PKCS_V15 0 |
| HannesTschofenig | 0:796d0f61a05b | 63 | #define RSA_PKCS_V21 1 |
| HannesTschofenig | 0:796d0f61a05b | 64 | |
| HannesTschofenig | 0:796d0f61a05b | 65 | #define RSA_SIGN 1 |
| HannesTschofenig | 0:796d0f61a05b | 66 | #define RSA_CRYPT 2 |
| HannesTschofenig | 0:796d0f61a05b | 67 | |
| HannesTschofenig | 0:796d0f61a05b | 68 | /* |
| HannesTschofenig | 0:796d0f61a05b | 69 | * The above constants may be used even if the RSA module is compile out, |
| HannesTschofenig | 0:796d0f61a05b | 70 | * eg for alternative (PKCS#11) RSA implemenations in the PK layers. |
| HannesTschofenig | 0:796d0f61a05b | 71 | */ |
| HannesTschofenig | 0:796d0f61a05b | 72 | #if defined(POLARSSL_RSA_C) |
| HannesTschofenig | 0:796d0f61a05b | 73 | |
| HannesTschofenig | 0:796d0f61a05b | 74 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 75 | extern "C" { |
| HannesTschofenig | 0:796d0f61a05b | 76 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 77 | |
| HannesTschofenig | 0:796d0f61a05b | 78 | /** |
| HannesTschofenig | 0:796d0f61a05b | 79 | * \brief RSA context structure |
| HannesTschofenig | 0:796d0f61a05b | 80 | */ |
| HannesTschofenig | 0:796d0f61a05b | 81 | typedef struct |
| HannesTschofenig | 0:796d0f61a05b | 82 | { |
| HannesTschofenig | 0:796d0f61a05b | 83 | int ver; /*!< always 0 */ |
| HannesTschofenig | 0:796d0f61a05b | 84 | size_t len; /*!< size(N) in chars */ |
| HannesTschofenig | 0:796d0f61a05b | 85 | |
| HannesTschofenig | 0:796d0f61a05b | 86 | mpi N; /*!< public modulus */ |
| HannesTschofenig | 0:796d0f61a05b | 87 | mpi E; /*!< public exponent */ |
| HannesTschofenig | 0:796d0f61a05b | 88 | |
| HannesTschofenig | 0:796d0f61a05b | 89 | mpi D; /*!< private exponent */ |
| HannesTschofenig | 0:796d0f61a05b | 90 | mpi P; /*!< 1st prime factor */ |
| HannesTschofenig | 0:796d0f61a05b | 91 | mpi Q; /*!< 2nd prime factor */ |
| HannesTschofenig | 0:796d0f61a05b | 92 | mpi DP; /*!< D % (P - 1) */ |
| HannesTschofenig | 0:796d0f61a05b | 93 | mpi DQ; /*!< D % (Q - 1) */ |
| HannesTschofenig | 0:796d0f61a05b | 94 | mpi QP; /*!< 1 / (Q % P) */ |
| HannesTschofenig | 0:796d0f61a05b | 95 | |
| HannesTschofenig | 0:796d0f61a05b | 96 | mpi RN; /*!< cached R^2 mod N */ |
| HannesTschofenig | 0:796d0f61a05b | 97 | mpi RP; /*!< cached R^2 mod P */ |
| HannesTschofenig | 0:796d0f61a05b | 98 | mpi RQ; /*!< cached R^2 mod Q */ |
| HannesTschofenig | 0:796d0f61a05b | 99 | |
| HannesTschofenig | 0:796d0f61a05b | 100 | #if !defined(POLARSSL_RSA_NO_CRT) |
| HannesTschofenig | 0:796d0f61a05b | 101 | mpi Vi; /*!< cached blinding value */ |
| HannesTschofenig | 0:796d0f61a05b | 102 | mpi Vf; /*!< cached un-blinding value */ |
| HannesTschofenig | 0:796d0f61a05b | 103 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 104 | |
| HannesTschofenig | 0:796d0f61a05b | 105 | int padding; /*!< RSA_PKCS_V15 for 1.5 padding and |
| HannesTschofenig | 0:796d0f61a05b | 106 | RSA_PKCS_v21 for OAEP/PSS */ |
| HannesTschofenig | 0:796d0f61a05b | 107 | int hash_id; /*!< Hash identifier of md_type_t as |
| HannesTschofenig | 0:796d0f61a05b | 108 | specified in the md.h header file |
| HannesTschofenig | 0:796d0f61a05b | 109 | for the EME-OAEP and EMSA-PSS |
| HannesTschofenig | 0:796d0f61a05b | 110 | encoding */ |
| HannesTschofenig | 0:796d0f61a05b | 111 | #if defined(POLARSSL_THREADING_C) |
| HannesTschofenig | 0:796d0f61a05b | 112 | threading_mutex_t mutex; /*!< Thread-safety mutex */ |
| HannesTschofenig | 0:796d0f61a05b | 113 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 114 | } |
| HannesTschofenig | 0:796d0f61a05b | 115 | rsa_context; |
| HannesTschofenig | 0:796d0f61a05b | 116 | |
| HannesTschofenig | 0:796d0f61a05b | 117 | /** |
| HannesTschofenig | 0:796d0f61a05b | 118 | * \brief Initialize an RSA context |
| HannesTschofenig | 0:796d0f61a05b | 119 | * |
| HannesTschofenig | 0:796d0f61a05b | 120 | * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP |
| HannesTschofenig | 0:796d0f61a05b | 121 | * encryption scheme and the RSASSA-PSS signature scheme. |
| HannesTschofenig | 0:796d0f61a05b | 122 | * |
| HannesTschofenig | 0:796d0f61a05b | 123 | * \param ctx RSA context to be initialized |
| HannesTschofenig | 0:796d0f61a05b | 124 | * \param padding RSA_PKCS_V15 or RSA_PKCS_V21 |
| HannesTschofenig | 0:796d0f61a05b | 125 | * \param hash_id RSA_PKCS_V21 hash identifier |
| HannesTschofenig | 0:796d0f61a05b | 126 | * |
| HannesTschofenig | 0:796d0f61a05b | 127 | * \note The hash_id parameter is actually ignored |
| HannesTschofenig | 0:796d0f61a05b | 128 | * when using RSA_PKCS_V15 padding. |
| HannesTschofenig | 0:796d0f61a05b | 129 | */ |
| HannesTschofenig | 0:796d0f61a05b | 130 | void rsa_init( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 131 | int padding, |
| HannesTschofenig | 0:796d0f61a05b | 132 | int hash_id); |
| HannesTschofenig | 0:796d0f61a05b | 133 | |
| HannesTschofenig | 0:796d0f61a05b | 134 | /** |
| HannesTschofenig | 0:796d0f61a05b | 135 | * \brief Set padding for an already initialized RSA context |
| HannesTschofenig | 0:796d0f61a05b | 136 | * |
| HannesTschofenig | 0:796d0f61a05b | 137 | * Note: Set padding to RSA_PKCS_V21 for the RSAES-OAEP |
| HannesTschofenig | 0:796d0f61a05b | 138 | * encryption scheme and the RSASSA-PSS signature scheme. |
| HannesTschofenig | 0:796d0f61a05b | 139 | * |
| HannesTschofenig | 0:796d0f61a05b | 140 | * \param ctx RSA context to be set |
| HannesTschofenig | 0:796d0f61a05b | 141 | * \param padding RSA_PKCS_V15 or RSA_PKCS_V21 |
| HannesTschofenig | 0:796d0f61a05b | 142 | * \param hash_id RSA_PKCS_V21 hash identifier |
| HannesTschofenig | 0:796d0f61a05b | 143 | * |
| HannesTschofenig | 0:796d0f61a05b | 144 | * \note The hash_id parameter is actually ignored |
| HannesTschofenig | 0:796d0f61a05b | 145 | * when using RSA_PKCS_V15 padding. |
| HannesTschofenig | 0:796d0f61a05b | 146 | */ |
| HannesTschofenig | 0:796d0f61a05b | 147 | void rsa_set_padding( rsa_context *ctx, int padding, int hash_id); |
| HannesTschofenig | 0:796d0f61a05b | 148 | |
| HannesTschofenig | 0:796d0f61a05b | 149 | /** |
| HannesTschofenig | 0:796d0f61a05b | 150 | * \brief Generate an RSA keypair |
| HannesTschofenig | 0:796d0f61a05b | 151 | * |
| HannesTschofenig | 0:796d0f61a05b | 152 | * \param ctx RSA context that will hold the key |
| HannesTschofenig | 0:796d0f61a05b | 153 | * \param f_rng RNG function |
| HannesTschofenig | 0:796d0f61a05b | 154 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 155 | * \param nbits size of the public key in bits |
| HannesTschofenig | 0:796d0f61a05b | 156 | * \param exponent public exponent (e.g., 65537) |
| HannesTschofenig | 0:796d0f61a05b | 157 | * |
| HannesTschofenig | 0:796d0f61a05b | 158 | * \note rsa_init() must be called beforehand to setup |
| HannesTschofenig | 0:796d0f61a05b | 159 | * the RSA context. |
| HannesTschofenig | 0:796d0f61a05b | 160 | * |
| HannesTschofenig | 0:796d0f61a05b | 161 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 162 | */ |
| HannesTschofenig | 0:796d0f61a05b | 163 | int rsa_gen_key( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 164 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 165 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 166 | unsigned int nbits, int exponent ); |
| HannesTschofenig | 0:796d0f61a05b | 167 | |
| HannesTschofenig | 0:796d0f61a05b | 168 | /** |
| HannesTschofenig | 0:796d0f61a05b | 169 | * \brief Check a public RSA key |
| HannesTschofenig | 0:796d0f61a05b | 170 | * |
| HannesTschofenig | 0:796d0f61a05b | 171 | * \param ctx RSA context to be checked |
| HannesTschofenig | 0:796d0f61a05b | 172 | * |
| HannesTschofenig | 0:796d0f61a05b | 173 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 174 | */ |
| HannesTschofenig | 0:796d0f61a05b | 175 | int rsa_check_pubkey( const rsa_context *ctx ); |
| HannesTschofenig | 0:796d0f61a05b | 176 | |
| HannesTschofenig | 0:796d0f61a05b | 177 | /** |
| HannesTschofenig | 0:796d0f61a05b | 178 | * \brief Check a private RSA key |
| HannesTschofenig | 0:796d0f61a05b | 179 | * |
| HannesTschofenig | 0:796d0f61a05b | 180 | * \param ctx RSA context to be checked |
| HannesTschofenig | 0:796d0f61a05b | 181 | * |
| HannesTschofenig | 0:796d0f61a05b | 182 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 183 | */ |
| HannesTschofenig | 0:796d0f61a05b | 184 | int rsa_check_privkey( const rsa_context *ctx ); |
| HannesTschofenig | 0:796d0f61a05b | 185 | |
| HannesTschofenig | 0:796d0f61a05b | 186 | /** |
| HannesTschofenig | 0:796d0f61a05b | 187 | * \brief Do an RSA public key operation |
| HannesTschofenig | 0:796d0f61a05b | 188 | * |
| HannesTschofenig | 0:796d0f61a05b | 189 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 190 | * \param input input buffer |
| HannesTschofenig | 0:796d0f61a05b | 191 | * \param output output buffer |
| HannesTschofenig | 0:796d0f61a05b | 192 | * |
| HannesTschofenig | 0:796d0f61a05b | 193 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 194 | * |
| HannesTschofenig | 0:796d0f61a05b | 195 | * \note This function does NOT take care of message |
| HannesTschofenig | 0:796d0f61a05b | 196 | * padding. Also, be sure to set input[0] = 0 or assure that |
| HannesTschofenig | 0:796d0f61a05b | 197 | * input is smaller than N. |
| HannesTschofenig | 0:796d0f61a05b | 198 | * |
| HannesTschofenig | 0:796d0f61a05b | 199 | * \note The input and output buffers must be large |
| HannesTschofenig | 0:796d0f61a05b | 200 | * enough (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 201 | */ |
| HannesTschofenig | 0:796d0f61a05b | 202 | int rsa_public( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 203 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 204 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 205 | |
| HannesTschofenig | 0:796d0f61a05b | 206 | /** |
| HannesTschofenig | 0:796d0f61a05b | 207 | * \brief Do an RSA private key operation |
| HannesTschofenig | 0:796d0f61a05b | 208 | * |
| HannesTschofenig | 0:796d0f61a05b | 209 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 210 | * \param f_rng RNG function (Needed for blinding) |
| HannesTschofenig | 0:796d0f61a05b | 211 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 212 | * \param input input buffer |
| HannesTschofenig | 0:796d0f61a05b | 213 | * \param output output buffer |
| HannesTschofenig | 0:796d0f61a05b | 214 | * |
| HannesTschofenig | 0:796d0f61a05b | 215 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 216 | * |
| HannesTschofenig | 0:796d0f61a05b | 217 | * \note The input and output buffers must be large |
| HannesTschofenig | 0:796d0f61a05b | 218 | * enough (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 219 | */ |
| HannesTschofenig | 0:796d0f61a05b | 220 | int rsa_private( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 221 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 222 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 223 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 224 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 225 | |
| HannesTschofenig | 0:796d0f61a05b | 226 | /** |
| HannesTschofenig | 0:796d0f61a05b | 227 | * \brief Generic wrapper to perform a PKCS#1 encryption using the |
| HannesTschofenig | 0:796d0f61a05b | 228 | * mode from the context. Add the message padding, then do an |
| HannesTschofenig | 0:796d0f61a05b | 229 | * RSA operation. |
| HannesTschofenig | 0:796d0f61a05b | 230 | * |
| HannesTschofenig | 0:796d0f61a05b | 231 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 232 | * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding |
| HannesTschofenig | 0:796d0f61a05b | 233 | * and RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 234 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 235 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 236 | * \param ilen contains the plaintext length |
| HannesTschofenig | 0:796d0f61a05b | 237 | * \param input buffer holding the data to be encrypted |
| HannesTschofenig | 0:796d0f61a05b | 238 | * \param output buffer that will hold the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 239 | * |
| HannesTschofenig | 0:796d0f61a05b | 240 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 241 | * |
| HannesTschofenig | 0:796d0f61a05b | 242 | * \note The output buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 243 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 244 | */ |
| HannesTschofenig | 0:796d0f61a05b | 245 | int rsa_pkcs1_encrypt( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 246 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 247 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 248 | int mode, size_t ilen, |
| HannesTschofenig | 0:796d0f61a05b | 249 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 250 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 251 | |
| HannesTschofenig | 0:796d0f61a05b | 252 | /** |
| HannesTschofenig | 0:796d0f61a05b | 253 | * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) |
| HannesTschofenig | 0:796d0f61a05b | 254 | * |
| HannesTschofenig | 0:796d0f61a05b | 255 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 256 | * \param f_rng RNG function (Needed for padding and RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 257 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 258 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 259 | * \param ilen contains the plaintext length |
| HannesTschofenig | 0:796d0f61a05b | 260 | * \param input buffer holding the data to be encrypted |
| HannesTschofenig | 0:796d0f61a05b | 261 | * \param output buffer that will hold the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 262 | * |
| HannesTschofenig | 0:796d0f61a05b | 263 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 264 | * |
| HannesTschofenig | 0:796d0f61a05b | 265 | * \note The output buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 266 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 267 | */ |
| HannesTschofenig | 0:796d0f61a05b | 268 | int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 269 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 270 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 271 | int mode, size_t ilen, |
| HannesTschofenig | 0:796d0f61a05b | 272 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 273 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 274 | |
| HannesTschofenig | 0:796d0f61a05b | 275 | /** |
| HannesTschofenig | 0:796d0f61a05b | 276 | * \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT) |
| HannesTschofenig | 0:796d0f61a05b | 277 | * |
| HannesTschofenig | 0:796d0f61a05b | 278 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 279 | * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding |
| HannesTschofenig | 0:796d0f61a05b | 280 | * and RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 281 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 282 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 283 | * \param label buffer holding the custom label to use |
| HannesTschofenig | 0:796d0f61a05b | 284 | * \param label_len contains the label length |
| HannesTschofenig | 0:796d0f61a05b | 285 | * \param ilen contains the plaintext length |
| HannesTschofenig | 0:796d0f61a05b | 286 | * \param input buffer holding the data to be encrypted |
| HannesTschofenig | 0:796d0f61a05b | 287 | * \param output buffer that will hold the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 288 | * |
| HannesTschofenig | 0:796d0f61a05b | 289 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 290 | * |
| HannesTschofenig | 0:796d0f61a05b | 291 | * \note The output buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 292 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 293 | */ |
| HannesTschofenig | 0:796d0f61a05b | 294 | int rsa_rsaes_oaep_encrypt( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 295 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 296 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 297 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 298 | const unsigned char *label, size_t label_len, |
| HannesTschofenig | 0:796d0f61a05b | 299 | size_t ilen, |
| HannesTschofenig | 0:796d0f61a05b | 300 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 301 | unsigned char *output ); |
| HannesTschofenig | 0:796d0f61a05b | 302 | |
| HannesTschofenig | 0:796d0f61a05b | 303 | /** |
| HannesTschofenig | 0:796d0f61a05b | 304 | * \brief Generic wrapper to perform a PKCS#1 decryption using the |
| HannesTschofenig | 0:796d0f61a05b | 305 | * mode from the context. Do an RSA operation, then remove |
| HannesTschofenig | 0:796d0f61a05b | 306 | * the message padding |
| HannesTschofenig | 0:796d0f61a05b | 307 | * |
| HannesTschofenig | 0:796d0f61a05b | 308 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 309 | * \param f_rng RNG function (Only needed for RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 310 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 311 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 312 | * \param olen will contain the plaintext length |
| HannesTschofenig | 0:796d0f61a05b | 313 | * \param input buffer holding the encrypted data |
| HannesTschofenig | 0:796d0f61a05b | 314 | * \param output buffer that will hold the plaintext |
| HannesTschofenig | 0:796d0f61a05b | 315 | * \param output_max_len maximum length of the output buffer |
| HannesTschofenig | 0:796d0f61a05b | 316 | * |
| HannesTschofenig | 0:796d0f61a05b | 317 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 318 | * |
| HannesTschofenig | 0:796d0f61a05b | 319 | * \note The output buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 320 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
| HannesTschofenig | 0:796d0f61a05b | 321 | * an error is thrown. |
| HannesTschofenig | 0:796d0f61a05b | 322 | */ |
| HannesTschofenig | 0:796d0f61a05b | 323 | int rsa_pkcs1_decrypt( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 324 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 325 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 326 | int mode, size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 327 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 328 | unsigned char *output, |
| HannesTschofenig | 0:796d0f61a05b | 329 | size_t output_max_len ); |
| HannesTschofenig | 0:796d0f61a05b | 330 | |
| HannesTschofenig | 0:796d0f61a05b | 331 | /** |
| HannesTschofenig | 0:796d0f61a05b | 332 | * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) |
| HannesTschofenig | 0:796d0f61a05b | 333 | * |
| HannesTschofenig | 0:796d0f61a05b | 334 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 335 | * \param f_rng RNG function (Only needed for RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 336 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 337 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 338 | * \param olen will contain the plaintext length |
| HannesTschofenig | 0:796d0f61a05b | 339 | * \param input buffer holding the encrypted data |
| HannesTschofenig | 0:796d0f61a05b | 340 | * \param output buffer that will hold the plaintext |
| HannesTschofenig | 0:796d0f61a05b | 341 | * \param output_max_len maximum length of the output buffer |
| HannesTschofenig | 0:796d0f61a05b | 342 | * |
| HannesTschofenig | 0:796d0f61a05b | 343 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 344 | * |
| HannesTschofenig | 0:796d0f61a05b | 345 | * \note The output buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 346 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
| HannesTschofenig | 0:796d0f61a05b | 347 | * an error is thrown. |
| HannesTschofenig | 0:796d0f61a05b | 348 | */ |
| HannesTschofenig | 0:796d0f61a05b | 349 | int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 350 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 351 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 352 | int mode, size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 353 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 354 | unsigned char *output, |
| HannesTschofenig | 0:796d0f61a05b | 355 | size_t output_max_len ); |
| HannesTschofenig | 0:796d0f61a05b | 356 | |
| HannesTschofenig | 0:796d0f61a05b | 357 | /** |
| HannesTschofenig | 0:796d0f61a05b | 358 | * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) |
| HannesTschofenig | 0:796d0f61a05b | 359 | * |
| HannesTschofenig | 0:796d0f61a05b | 360 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 361 | * \param f_rng RNG function (Only needed for RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 362 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 363 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 364 | * \param label buffer holding the custom label to use |
| HannesTschofenig | 0:796d0f61a05b | 365 | * \param label_len contains the label length |
| HannesTschofenig | 0:796d0f61a05b | 366 | * \param olen will contain the plaintext length |
| HannesTschofenig | 0:796d0f61a05b | 367 | * \param input buffer holding the encrypted data |
| HannesTschofenig | 0:796d0f61a05b | 368 | * \param output buffer that will hold the plaintext |
| HannesTschofenig | 0:796d0f61a05b | 369 | * \param output_max_len maximum length of the output buffer |
| HannesTschofenig | 0:796d0f61a05b | 370 | * |
| HannesTschofenig | 0:796d0f61a05b | 371 | * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 372 | * |
| HannesTschofenig | 0:796d0f61a05b | 373 | * \note The output buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 374 | * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise |
| HannesTschofenig | 0:796d0f61a05b | 375 | * an error is thrown. |
| HannesTschofenig | 0:796d0f61a05b | 376 | */ |
| HannesTschofenig | 0:796d0f61a05b | 377 | int rsa_rsaes_oaep_decrypt( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 378 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 379 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 380 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 381 | const unsigned char *label, size_t label_len, |
| HannesTschofenig | 0:796d0f61a05b | 382 | size_t *olen, |
| HannesTschofenig | 0:796d0f61a05b | 383 | const unsigned char *input, |
| HannesTschofenig | 0:796d0f61a05b | 384 | unsigned char *output, |
| HannesTschofenig | 0:796d0f61a05b | 385 | size_t output_max_len ); |
| HannesTschofenig | 0:796d0f61a05b | 386 | |
| HannesTschofenig | 0:796d0f61a05b | 387 | /** |
| HannesTschofenig | 0:796d0f61a05b | 388 | * \brief Generic wrapper to perform a PKCS#1 signature using the |
| HannesTschofenig | 0:796d0f61a05b | 389 | * mode from the context. Do a private RSA operation to sign |
| HannesTschofenig | 0:796d0f61a05b | 390 | * a message digest |
| HannesTschofenig | 0:796d0f61a05b | 391 | * |
| HannesTschofenig | 0:796d0f61a05b | 392 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 393 | * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for |
| HannesTschofenig | 0:796d0f61a05b | 394 | * RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 395 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 396 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 397 | * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) |
| HannesTschofenig | 0:796d0f61a05b | 398 | * \param hashlen message digest length (for POLARSSL_MD_NONE only) |
| HannesTschofenig | 0:796d0f61a05b | 399 | * \param hash buffer holding the message digest |
| HannesTschofenig | 0:796d0f61a05b | 400 | * \param sig buffer that will hold the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 401 | * |
| HannesTschofenig | 0:796d0f61a05b | 402 | * \return 0 if the signing operation was successful, |
| HannesTschofenig | 0:796d0f61a05b | 403 | * or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 404 | * |
| HannesTschofenig | 0:796d0f61a05b | 405 | * \note The "sig" buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 406 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 407 | * |
| HannesTschofenig | 0:796d0f61a05b | 408 | * \note In case of PKCS#1 v2.1 encoding keep in mind that |
| HannesTschofenig | 0:796d0f61a05b | 409 | * the hash_id in the RSA context is the one used for the |
| HannesTschofenig | 0:796d0f61a05b | 410 | * encoding. hash_id in the function call is the type of hash |
| HannesTschofenig | 0:796d0f61a05b | 411 | * that is encoded. According to RFC 3447 it is advised to |
| HannesTschofenig | 0:796d0f61a05b | 412 | * keep both hashes the same. |
| HannesTschofenig | 0:796d0f61a05b | 413 | */ |
| HannesTschofenig | 0:796d0f61a05b | 414 | int rsa_pkcs1_sign( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 415 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 416 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 417 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 418 | md_type_t md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 419 | unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 420 | const unsigned char *hash, |
| HannesTschofenig | 0:796d0f61a05b | 421 | unsigned char *sig ); |
| HannesTschofenig | 0:796d0f61a05b | 422 | |
| HannesTschofenig | 0:796d0f61a05b | 423 | /** |
| HannesTschofenig | 0:796d0f61a05b | 424 | * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) |
| HannesTschofenig | 0:796d0f61a05b | 425 | * |
| HannesTschofenig | 0:796d0f61a05b | 426 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 427 | * \param f_rng RNG function (Only needed for RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 428 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 429 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 430 | * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) |
| HannesTschofenig | 0:796d0f61a05b | 431 | * \param hashlen message digest length (for POLARSSL_MD_NONE only) |
| HannesTschofenig | 0:796d0f61a05b | 432 | * \param hash buffer holding the message digest |
| HannesTschofenig | 0:796d0f61a05b | 433 | * \param sig buffer that will hold the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 434 | * |
| HannesTschofenig | 0:796d0f61a05b | 435 | * \return 0 if the signing operation was successful, |
| HannesTschofenig | 0:796d0f61a05b | 436 | * or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 437 | * |
| HannesTschofenig | 0:796d0f61a05b | 438 | * \note The "sig" buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 439 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 440 | */ |
| HannesTschofenig | 0:796d0f61a05b | 441 | int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 442 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 443 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 444 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 445 | md_type_t md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 446 | unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 447 | const unsigned char *hash, |
| HannesTschofenig | 0:796d0f61a05b | 448 | unsigned char *sig ); |
| HannesTschofenig | 0:796d0f61a05b | 449 | |
| HannesTschofenig | 0:796d0f61a05b | 450 | /** |
| HannesTschofenig | 0:796d0f61a05b | 451 | * \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN) |
| HannesTschofenig | 0:796d0f61a05b | 452 | * |
| HannesTschofenig | 0:796d0f61a05b | 453 | * \param ctx RSA context |
| HannesTschofenig | 0:796d0f61a05b | 454 | * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for |
| HannesTschofenig | 0:796d0f61a05b | 455 | * RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 456 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 457 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 458 | * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) |
| HannesTschofenig | 0:796d0f61a05b | 459 | * \param hashlen message digest length (for POLARSSL_MD_NONE only) |
| HannesTschofenig | 0:796d0f61a05b | 460 | * \param hash buffer holding the message digest |
| HannesTschofenig | 0:796d0f61a05b | 461 | * \param sig buffer that will hold the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 462 | * |
| HannesTschofenig | 0:796d0f61a05b | 463 | * \return 0 if the signing operation was successful, |
| HannesTschofenig | 0:796d0f61a05b | 464 | * or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 465 | * |
| HannesTschofenig | 0:796d0f61a05b | 466 | * \note The "sig" buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 467 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 468 | * |
| HannesTschofenig | 0:796d0f61a05b | 469 | * \note In case of PKCS#1 v2.1 encoding keep in mind that |
| HannesTschofenig | 0:796d0f61a05b | 470 | * the hash_id in the RSA context is the one used for the |
| HannesTschofenig | 0:796d0f61a05b | 471 | * encoding. hash_id in the function call is the type of hash |
| HannesTschofenig | 0:796d0f61a05b | 472 | * that is encoded. According to RFC 3447 it is advised to |
| HannesTschofenig | 0:796d0f61a05b | 473 | * keep both hashes the same. |
| HannesTschofenig | 0:796d0f61a05b | 474 | */ |
| HannesTschofenig | 0:796d0f61a05b | 475 | int rsa_rsassa_pss_sign( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 476 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 477 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 478 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 479 | md_type_t md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 480 | unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 481 | const unsigned char *hash, |
| HannesTschofenig | 0:796d0f61a05b | 482 | unsigned char *sig ); |
| HannesTschofenig | 0:796d0f61a05b | 483 | |
| HannesTschofenig | 0:796d0f61a05b | 484 | /** |
| HannesTschofenig | 0:796d0f61a05b | 485 | * \brief Generic wrapper to perform a PKCS#1 verification using the |
| HannesTschofenig | 0:796d0f61a05b | 486 | * mode from the context. Do a public RSA operation and check |
| HannesTschofenig | 0:796d0f61a05b | 487 | * the message digest |
| HannesTschofenig | 0:796d0f61a05b | 488 | * |
| HannesTschofenig | 0:796d0f61a05b | 489 | * \param ctx points to an RSA public key |
| HannesTschofenig | 0:796d0f61a05b | 490 | * \param f_rng RNG function (Only needed for RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 491 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 492 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 493 | * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) |
| HannesTschofenig | 0:796d0f61a05b | 494 | * \param hashlen message digest length (for POLARSSL_MD_NONE only) |
| HannesTschofenig | 0:796d0f61a05b | 495 | * \param hash buffer holding the message digest |
| HannesTschofenig | 0:796d0f61a05b | 496 | * \param sig buffer holding the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 497 | * |
| HannesTschofenig | 0:796d0f61a05b | 498 | * \return 0 if the verify operation was successful, |
| HannesTschofenig | 0:796d0f61a05b | 499 | * or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 500 | * |
| HannesTschofenig | 0:796d0f61a05b | 501 | * \note The "sig" buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 502 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 503 | * |
| HannesTschofenig | 0:796d0f61a05b | 504 | * \note In case of PKCS#1 v2.1 encoding keep in mind that |
| HannesTschofenig | 0:796d0f61a05b | 505 | * the hash_id in the RSA context is the one used for the |
| HannesTschofenig | 0:796d0f61a05b | 506 | * verification. hash_id in the function call is the type of |
| HannesTschofenig | 0:796d0f61a05b | 507 | * hash that is verified. According to RFC 3447 it is advised to |
| HannesTschofenig | 0:796d0f61a05b | 508 | * keep both hashes the same. |
| HannesTschofenig | 0:796d0f61a05b | 509 | */ |
| HannesTschofenig | 0:796d0f61a05b | 510 | int rsa_pkcs1_verify( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 511 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 512 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 513 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 514 | md_type_t md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 515 | unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 516 | const unsigned char *hash, |
| HannesTschofenig | 0:796d0f61a05b | 517 | const unsigned char *sig ); |
| HannesTschofenig | 0:796d0f61a05b | 518 | |
| HannesTschofenig | 0:796d0f61a05b | 519 | /** |
| HannesTschofenig | 0:796d0f61a05b | 520 | * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) |
| HannesTschofenig | 0:796d0f61a05b | 521 | * |
| HannesTschofenig | 0:796d0f61a05b | 522 | * \param ctx points to an RSA public key |
| HannesTschofenig | 0:796d0f61a05b | 523 | * \param f_rng RNG function (Only needed for RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 524 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 525 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 526 | * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) |
| HannesTschofenig | 0:796d0f61a05b | 527 | * \param hashlen message digest length (for POLARSSL_MD_NONE only) |
| HannesTschofenig | 0:796d0f61a05b | 528 | * \param hash buffer holding the message digest |
| HannesTschofenig | 0:796d0f61a05b | 529 | * \param sig buffer holding the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 530 | * |
| HannesTschofenig | 0:796d0f61a05b | 531 | * \return 0 if the verify operation was successful, |
| HannesTschofenig | 0:796d0f61a05b | 532 | * or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 533 | * |
| HannesTschofenig | 0:796d0f61a05b | 534 | * \note The "sig" buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 535 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 536 | */ |
| HannesTschofenig | 0:796d0f61a05b | 537 | int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 538 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 539 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 540 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 541 | md_type_t md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 542 | unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 543 | const unsigned char *hash, |
| HannesTschofenig | 0:796d0f61a05b | 544 | const unsigned char *sig ); |
| HannesTschofenig | 0:796d0f61a05b | 545 | |
| HannesTschofenig | 0:796d0f61a05b | 546 | /** |
| HannesTschofenig | 0:796d0f61a05b | 547 | * \brief Perform a PKCS#1 v2.1 PSS verification (RSASSA-PSS-VERIFY) |
| HannesTschofenig | 0:796d0f61a05b | 548 | * |
| HannesTschofenig | 0:796d0f61a05b | 549 | * \param ctx points to an RSA public key |
| HannesTschofenig | 0:796d0f61a05b | 550 | * \param f_rng RNG function (Only needed for RSA_PRIVATE) |
| HannesTschofenig | 0:796d0f61a05b | 551 | * \param p_rng RNG parameter |
| HannesTschofenig | 0:796d0f61a05b | 552 | * \param mode RSA_PUBLIC or RSA_PRIVATE |
| HannesTschofenig | 0:796d0f61a05b | 553 | * \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data) |
| HannesTschofenig | 0:796d0f61a05b | 554 | * \param hashlen message digest length (for POLARSSL_MD_NONE only) |
| HannesTschofenig | 0:796d0f61a05b | 555 | * \param hash buffer holding the message digest |
| HannesTschofenig | 0:796d0f61a05b | 556 | * \param sig buffer holding the ciphertext |
| HannesTschofenig | 0:796d0f61a05b | 557 | * |
| HannesTschofenig | 0:796d0f61a05b | 558 | * \return 0 if the verify operation was successful, |
| HannesTschofenig | 0:796d0f61a05b | 559 | * or an POLARSSL_ERR_RSA_XXX error code |
| HannesTschofenig | 0:796d0f61a05b | 560 | * |
| HannesTschofenig | 0:796d0f61a05b | 561 | * \note The "sig" buffer must be as large as the size |
| HannesTschofenig | 0:796d0f61a05b | 562 | * of ctx->N (eg. 128 bytes if RSA-1024 is used). |
| HannesTschofenig | 0:796d0f61a05b | 563 | * |
| HannesTschofenig | 0:796d0f61a05b | 564 | * \note In case of PKCS#1 v2.1 encoding keep in mind that |
| HannesTschofenig | 0:796d0f61a05b | 565 | * the hash_id in the RSA context is the one used for the |
| HannesTschofenig | 0:796d0f61a05b | 566 | * verification. hash_id in the function call is the type of |
| HannesTschofenig | 0:796d0f61a05b | 567 | * hash that is verified. According to RFC 3447 it is advised to |
| HannesTschofenig | 0:796d0f61a05b | 568 | * keep both hashes the same. |
| HannesTschofenig | 0:796d0f61a05b | 569 | */ |
| HannesTschofenig | 0:796d0f61a05b | 570 | int rsa_rsassa_pss_verify( rsa_context *ctx, |
| HannesTschofenig | 0:796d0f61a05b | 571 | int (*f_rng)(void *, unsigned char *, size_t), |
| HannesTschofenig | 0:796d0f61a05b | 572 | void *p_rng, |
| HannesTschofenig | 0:796d0f61a05b | 573 | int mode, |
| HannesTschofenig | 0:796d0f61a05b | 574 | md_type_t md_alg, |
| HannesTschofenig | 0:796d0f61a05b | 575 | unsigned int hashlen, |
| HannesTschofenig | 0:796d0f61a05b | 576 | const unsigned char *hash, |
| HannesTschofenig | 0:796d0f61a05b | 577 | const unsigned char *sig ); |
| HannesTschofenig | 0:796d0f61a05b | 578 | |
| HannesTschofenig | 0:796d0f61a05b | 579 | /** |
| HannesTschofenig | 0:796d0f61a05b | 580 | * \brief Copy the components of an RSA context |
| HannesTschofenig | 0:796d0f61a05b | 581 | * |
| HannesTschofenig | 0:796d0f61a05b | 582 | * \param dst Destination context |
| HannesTschofenig | 0:796d0f61a05b | 583 | * \param src Source context |
| HannesTschofenig | 0:796d0f61a05b | 584 | * |
| HannesTschofenig | 0:796d0f61a05b | 585 | * \return O on success, |
| HannesTschofenig | 0:796d0f61a05b | 586 | * POLARSSL_ERR_MPI_MALLOC_FAILED on memory allocation failure |
| HannesTschofenig | 0:796d0f61a05b | 587 | */ |
| HannesTschofenig | 0:796d0f61a05b | 588 | int rsa_copy( rsa_context *dst, const rsa_context *src ); |
| HannesTschofenig | 0:796d0f61a05b | 589 | |
| HannesTschofenig | 0:796d0f61a05b | 590 | /** |
| HannesTschofenig | 0:796d0f61a05b | 591 | * \brief Free the components of an RSA key |
| HannesTschofenig | 0:796d0f61a05b | 592 | * |
| HannesTschofenig | 0:796d0f61a05b | 593 | * \param ctx RSA Context to free |
| HannesTschofenig | 0:796d0f61a05b | 594 | */ |
| HannesTschofenig | 0:796d0f61a05b | 595 | void rsa_free( rsa_context *ctx ); |
| HannesTschofenig | 0:796d0f61a05b | 596 | |
| HannesTschofenig | 0:796d0f61a05b | 597 | /** |
| HannesTschofenig | 0:796d0f61a05b | 598 | * \brief Checkup routine |
| HannesTschofenig | 0:796d0f61a05b | 599 | * |
| HannesTschofenig | 0:796d0f61a05b | 600 | * \return 0 if successful, or 1 if the test failed |
| HannesTschofenig | 0:796d0f61a05b | 601 | */ |
| HannesTschofenig | 0:796d0f61a05b | 602 | int rsa_self_test( int verbose ); |
| HannesTschofenig | 0:796d0f61a05b | 603 | |
| HannesTschofenig | 0:796d0f61a05b | 604 | #ifdef __cplusplus |
| HannesTschofenig | 0:796d0f61a05b | 605 | } |
| HannesTschofenig | 0:796d0f61a05b | 606 | #endif |
| HannesTschofenig | 0:796d0f61a05b | 607 | |
| HannesTschofenig | 0:796d0f61a05b | 608 | #endif /* POLARSSL_RSA_C */ |
| HannesTschofenig | 0:796d0f61a05b | 609 | |
| HannesTschofenig | 0:796d0f61a05b | 610 | #endif /* rsa.h */ |
| HannesTschofenig | 0:796d0f61a05b | 611 | |
| HannesTschofenig | 0:796d0f61a05b | 612 |